← Back to context

Comment by lynnesbian

3 days ago

> a product that mostly doesn't do anything except for occasionally break the internet

I wouldn't say that. The postmortem you referred to links to another CloudFlare blog post - one about a pretty serious RCE vuln in Microsoft SharePoint that was blocked by their WAF: https://blog.cloudflare.com/stopping-cve-2019-0604/

2 comments

lynnesbian

Reply
pvg  2 days ago

I mean, it's hardly surprising CloudFlare will tell you this is a useful product. But it is to securing a web application what regex is to parsing HTML.

  • jiggawatts  2 days ago

    Sadly I work with web developers that all assume they don’t need to bother too much with security “because we have a WAF”.